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REMARKS FOR PRE- APPEAL BRIEF REQUEST FOR REVIEW 

Dear Sir: 

Applicants respectfully submit that the Examiner's rejection include clear errors 
because one or more limitations are not met by the cited reference. Claims 1-4 and 6-26 
stand rejected under 35 U.S.C. § 103(a) in view of Crane et al. (U.S. Patent No. 6,510,236). 
Claims 27-31 are allowable. Crane is directed to an authentication framework for managing 
authentication requests for multiple authentication devices such as token cards, biometric 
devices or scanners. A client unit passes to an application server a request for authentication 
that includes a user ID and device ID that identifies the token card, biometric device, scanner 
or other authentication device that is coupled to the client from which authentication 
information comes. The application server determines which device authentication server 18 
the request is intended for and then forwards authentication data and the request to that 
device authentication server 18. If the device authentication server 18 verifies that the 
authentication data is acceptable, an authentication token is returned to the client by the 
application server 12. The only mention of an authentication server 17 appears to be in 
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column 5, wherein Crane teaches that the authentication server 17 is only used if necessary if 
the application server 12 obtains an authentication token therefrom. 

In contrast, Applicants claims a different method and structure. For example, as to 
claim 1 , the claim requires, among other things, sending, by a first unit, user identification 
data to an authentication unit and using user identification data, sent by the first unit to 
determine which destination unit will receive an authentication code to be used to 
authenticate the user. The method includes sending the authentication code to the determined 
destination unit based on the user ID and returning authentication code to the authentication 
unit and authenticating the user when the returned authentication code matches the sent 
authentication code. As such, the claim requires, among other things, sending and returning 
an authentication code and authenticating a user when the returned authentication code 
matches the sent authentication code. User identification data is used to determine which 
destination unit will receive the authentication code to be used to authenticate the user. 

The office action states that the Crane reference teaches basically the entire claim. 
The office action equates the application server 12 to the "first unit" and the authentication 
server 17 to the "destination unit" and states "the user identification data is used by the 
application server (item 12) to access a database (item 15) to determine which destination 
unit (which particular authentication server) will receive the authentication code to 
authenticate the user..." (column 5, lines 1-20 etc.). Applicants respectfully submit that the 
office action mischaracterizes the Crane reference since user identification data in Crane is 
not used to determine which authentication server 17 (alleged to be equated to the claimed 
destination unit) will receive an authentication code to be used to authenticate the user. It 
appears that the office action misread the operation of Crane since there is only one 
authentication server 17 and hence there is no need to determine which authentication server 
17 will receive an authentication code to be used to authenticate a user. In addition, 
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Applicants are unable to find any such teaching with respect to the authentication server 1 7 in 
the reference. In fact, upon closer evaluation of the reference, the words "particular device 
authentication server" appear in column 5, lines 18-21 but refer to the device authentication 
server 18 and not to the application authentication server 17, which is equated to Applicants' 
claimed destination unit. Accordingly, the claims are in condition for allowance. 

The Crane reference also fails to teach the claimed sequence of processes since the 
authentication server 17 alleged to be the destination unit, returns an authentication token 
only after the user is authorized by the application authentication server 12 (see column 5, 
lines 38-42). In contrast, the claim requires, among other things, using the user identification 
data to determine which destination unit will receive an authentication code to be used to 
authenticate the user. As such, the authentication code is used to authenticate the user and 
this authentication code is sent to a destination unit. The authentication server 1 7 in Crane 
does not operate in this manner since it only sends an authentication token once the user has 
been authorized. 

Moreover, the claim requires sending the authentication code to the determined 
destination unit based on the user identification data. The cited portion, namely, column 3, 
lines 23-27 does not at all refer to a destination unit (the application authentication server 17). 
The cited portion is not referring to authentication server 17, but actually refers to the device 
authentication server 18. (See column 5, line 25). Accordingly, the reference does not teach 
what is alleged and the claims are in condition for allowance. 

The office action also alleges that column 5, lines 33-37 teaches authenticating the 
user when the returned authentication code matches the sent authentication code. (See Final 
Action, page 6). However, there is no comparison or matching performed in the cited portion 
since it is not required by the system of Crane. Crane, in this portion, refers to a device 
authentication server 1 8 that determines whether the fingerprint scanner has been registered 
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with the system by checking a database 15. If the device has been registered with the system, 
then a "yes" indication is passed back to the application server 12. There is no matching of a 
returned authentication code with a sent authentication code as alleged. The cited portion 
instead states "upon receipt, the application server processes the response [yes or no 
response] as required and as a result knows the user is to be given access. It may then pass an 
authorization token back to the user, preferably encrypted in the session key." The "yes" 
response is not matched with any authentication code as required by the claim. Accordingly, 
the claim is in condition for allowance. 

In addition, the office action admits that Crane fails to disclose returning the 
authentication code to the authentication unit but that it would have been obvious in view of 
Crane itself to send an authentication code instead of a simple yes/no answer since it is 
alleged that Crane discloses this modification in his own invention. However, there is no 
teaching in Crane to modify this response. In addition, as noted above, this yes or no 
response is not used to authenticate the user but to the contrary, authenticates the device that 
has been registered with the system. For example, no user is authenticated by the information 
in the yes or no response which is alleged to equate to the returned authentication code. 

The cited portion of the reference, namely column 5, lines 60-64 that is alleged to 
teach "that all the message, or a response string may be returned instead of a digital 
signature." (see page 6 of response) does not state this proposition. Instead, the cited portion 
merely states that the various messages or response strings may be communicated "over a 
secure link as opposed to using encryption and digital signature schemes," Accordingly, 
what Crane actually teaches is that the "yes" or "no" response may instead of being digitally 
signed, may be sent via a secure link. It does not teach the returning of an authentication 
code that is then matched with a sent authentication code to authenticate a user as required by 
the claim. Accordingly, the claim is in condition for allowance. 
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The other claims are also believed to be allowable for similar reasons. 

Claim 10 is allowable for similar reasons and also because the cited portion of Crane 
does not refer to using a primary wireless channel in combination with a wireless back 
channel as claimed. The office action cites column 1, lines 25-39 and column 6, lines 1-14. 
These cited portions are silent as to the use of any back channel and in fact, column 1, lines 
25-39 actually refers to the primary communication channel. The portion cited in column 6, 
lines 1-14 only refers to different authentication device types and does not appear to mention 
anything about a wireless back channel or use of a primary channel in combination therewith 
with the other limitations set forth in the claim. 

Claims 17 and 21 are allowable at least for the same reasons given above with respect 
to the other corresponding independent claims and as such, Applicants respectfully submit 
that these claims are also in condition for allowance. 

Claim 5 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Crane in 
view of Bellare et al. Applicants respectfully reasserts the relevant remarks made above with 
respect to the Crane reference and as such, this claim is also in condition for allowance. 

Accordingly, Applicants respectfully request that a timely Notice of Allowance be 
issued in this case. The Examiner is invited to contact the below-listed attorney if the 
Examiner believes that a telephone conference will advance the prosecution of this 
application. 



Vedder, Price, Kaufman & Kammholz, P.C. 
222 N. LaSalle Street 
Chicago, Illinois 60601 
PHONE: (312) 609-7599 
FAX: (312)609-5005 



Respectfully submitted, 





Chris topner J. Reckamp 
Registration No. 34,414 
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